Prepare for API v1 (PR #570)

2018-10-13 20:16:35 +02:00 · 2018-10-13 20:16:35 +02:00 · fd96b6ccc1
commit fd96b6ccc1
parent d9ae0d11b0
21 changed files with 536 additions and 217 deletions
--- a/config/app_config.yml.SAMPLE
+++ b/config/app_config.yml.SAMPLE
@ -6,6 +6,7 @@ default: &defaults
  multi_coop_install: false

  # If multi_coop_install you have to use a coop name, which you you wanna be selected by default
+  # Please use basic characters for scope names, matching /[-a-zA-Z0-9_]+/
  default_scope: 'f'

  # name of this foodcoop
--- a/config/application.rb
+++ b/config/application.rb
@ -48,7 +48,7 @@ module Foodsoft
    # parameters by using an attr_accessible or attr_protected declaration.
    # TODO Re-activate this. Uncommenting this line will currently cause rspec to fail.
    config.active_record.whitelist_attributes = false
-    
+
    # Enable the asset pipeline
    config.assets.enabled = true

@ -62,6 +62,14 @@ module Foodsoft
    # Load legacy scripts from vendor
    config.assets.precompile += [ 'vendor/assets/javascripts/*.js' ]

+    # CORS for API
+    config.middleware.insert_before 0, 'Rack::Cors' do
+      allow do
+        origins '*'
+        # this restricts Foodsoft scopes to certain characters - let's discuss it when it becomes an actual problem
+        resource %r{\A/[-a-zA-Z0-9_]+/api/v1/}, headers: :any, methods: :any
+      end
+    end
  end

  # Foodsoft version
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@ -0,0 +1,113 @@
+Doorkeeper.configure do
+  # Change the ORM that doorkeeper will use (needs plugins)
+  orm :active_record
+
+  # This block will be called to check whether the resource owner is authenticated or not.
+  resource_owner_authenticator do
+    authenticate
+  end
+
+  resource_owner_from_credentials do
+    User.authenticate(params[:username], params[:password])
+  end
+
+  admin_authenticator do
+    authenticate_admin
+  end
+
+  # Authorization Code expiration time (default 10 minutes).
+  # authorization_code_expires_in 10.minutes
+
+  # Access token expiration time (default 2 hours).
+  # If you want to disable expiration, set this to nil.
+  # access_token_expires_in 2.hours
+
+  # Assign a custom TTL for implicit grants.
+  # custom_access_token_expires_in do |oauth_client|
+  #   oauth_client.application.additional_settings.implicit_oauth_expiration
+  # end
+
+  # Use a custom class for generating the access token.
+  # https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
+  # access_token_generator "::Doorkeeper::JWT"
+
+  # Reuse access token for the same resource owner within an application (disabled by default)
+  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
+  # reuse_access_token
+
+  # Issue access tokens with refresh token (disabled by default)
+  use_refresh_token
+
+  # Provide support for an owner to be assigned to each registered application (disabled by default)
+  # Optional parameter :confirmation => true (default false) if you want to enforce ownership of
+  # a registered application
+  # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
+  # enable_application_owner :confirmation => false
+
+  # Define access token scopes for your provider
+  # For more information go to
+  # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
+  # default_scopes  :public
+  # optional_scopes :write, :update
+
+  # Change the way client credentials are retrieved from the request object.
+  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+  # falls back to the `:client_id` and `:client_secret` params from the `params` object.
+  # Check out the wiki for more information on customization
+  # client_credentials :from_basic, :from_params
+
+  # Change the way access token is authenticated from the request object.
+  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+  # falls back to the `:access_token` or `:bearer_token` params from the `params` object.
+  # Check out the wiki for more information on customization
+  # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
+
+  # Change the native redirect uri for client apps
+  # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
+  # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
+  # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
+  #
+  # native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'
+
+  # Forces the usage of the HTTPS protocol in non-native redirect uris (enabled
+  # by default in non-development environments). OAuth2 delegates security in
+  # communication to the HTTPS protocol so it is wise to keep this enabled.
+  #
+  # force_ssl_in_redirect_uri !Rails.env.development?
+
+  # Specify what grant flows are enabled in array of Strings. The valid
+  # strings and the flows they enable are:
+  #
+  # "authorization_code" => Authorization Code Grant Flow
+  # "implicit"           => Implicit Grant Flow
+  # "password"           => Resource Owner Password Credentials Grant Flow
+  # "client_credentials" => Client Credentials Grant Flow
+  #
+  # If not specified, Doorkeeper enables authorization_code and
+  # client_credentials.
+  #
+  # implicit and password grant flows have risks that you should understand
+  # before enabling:
+  #   http://tools.ietf.org/html/rfc6819#section-4.4.2
+  #   http://tools.ietf.org/html/rfc6819#section-4.4.3
+  #
+  grant_flows %w(authorization_code implicit password)
+
+  # Under some circumstances you might want to have applications auto-approved,
+  # so that the user skips the authorization step.
+  # For example if dealing with a trusted application.
+  # skip_authorization do |resource_owner, client|
+  #   client.superapp? or resource_owner.admin?
+  # end
+  skip_authorization { true } # right now only admins can add apps, so this is ok
+
+  # WWW-Authenticate Realm (default "Doorkeeper").
+  realm 'Foodsoft'
+end
+
+# my take on https://github.com/doorkeeper-gem/doorkeeper/issues/465
+ActiveSupport.on_load(:after_initialize) do
+  Doorkeeper::ApplicationController.send :include, Concerns::Locale
+  Doorkeeper::ApplicationController.send :include, Concerns::FoodcoopScope
+  Doorkeeper::ApplicationController.send :include, Concerns::Auth
+end
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@ -663,6 +663,7 @@ de:
      use_wiki: Wiki verwenden
      webstats_tracking_code: Code für Websiteanalysetool
    tabs:
+      applications: Apps
      foodcoop: Foodcoop
      language: Sprache
      layout: Layout
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -666,6 +666,7 @@ en:
      use_wiki: Enable wiki
      webstats_tracking_code: Tracking code
    tabs:
+      applications: Apps
      foodcoop: Foodcoop
      language: Language
      layout: Layout
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@ -638,6 +638,7 @@ nl:
      use_wiki: Wiki gebruiken
      webstats_tracking_code: Tracking code
    tabs:
+      applications: Apps
      foodcoop: Foodcoop
      language: Taal
      layout: Layout
--- a/config/routes.rb
+++ b/config/routes.rb
@ -10,6 +10,8 @@ Foodsoft::Application.routes.draw do

  scope '/:foodcoop' do

+    use_doorkeeper
+
    # Root path
    root to: 'home#index'